Gulf Transactions

GDPR Compliance

 

Updated, January 12, 2024

What is GDPR?

The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on May 25, 2018, and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

The 21st century brings with it a broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new regulation aims to standardize data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.

Gulf Transactions website

Gulf Transactions is committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place that complies with existing laws and abides by data protection principles.

However, we recognize our obligations to update and expand this program to meet the demands of GDPR and Germany’s DSVGO. Gulf Transactions is dedicated to safeguarding personal information under our remit and developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding of, and appreciation for, the new regulation. Our preparation and objectives for GDPR compliance have been summarized in this statement and include the development and implementation of new data protection roles, policies, procedures, controls, and measures to ensure maximum and ongoing compliance.

Gulf Transactions already has a consistent level of data protection and security across our organization; however, we aim to be fully compliant with GDPR. Our preparation has included:

Information Audit: carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed, and if and to whom it is disclosed.

Policies & Procedures – revising data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:

Data Protection: Our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand, adequately disseminate, and evidence our obligations and responsibilities.

Data Retention & Erasure: We are reviewing our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘ storage limitation’ principles and that personal information is stored, archived, and destroyed compliantly and ethically. We have dedicated erasure procedures in place and are aware of when these and other data subject’s rights apply; along with any exemptions, response timeframes, and notification responsibilities.

Rights of access, correction, erasure, and your duty to inform us of changes

It is essential that the personal information we hold about you is accurate and current, particularly in relation to professional data and contact details. Please keep us informed if your personal information changes during your use of our website. We may contact you periodically to update your details.

Your rights in connection with personal information

Under certain circumstances, by law, you have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request corrections to the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information if you have exercised your right to object to its processing (see below).
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation that makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  • Request a restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

If you wish to review, verify, correct, or request the erasure of your personal information, object to the processing of your data, or request that we transfer a copy of your personal information to another party, please contact us by email.

What may we need from you?

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us by email.

Should you have any questions about how we process your data, please read our privacy policy or feel free to contact us using our contact page.

 
Verified by MonsterInsights